Tuesday 23 October 2018

Microsoft and enforced government approved spying

If you search the internet you will find information regarding port 135. You will also find a lot of people seemingly saying "it's not harmful, just block it with Windows Firewall". Then what about the WannaCry virus?

Let me tell you the story of Microsoft's way to ensure access to all our systems.

Some time in the past, Microsoft invented a protocol called RPC. This protocol was designed to allow code to be executed remotely and was their first attempt to enforce a model around software whereby they owned AND controlled the code users used (in order that they could enforce continuous payments for services). They introduced it first as a "convenience" tool to allow servers to offer software solutions to remote workers. In its first incarnation RPC was a service attached to the network stack and could be applied to an adapter as an opt-in feature (no objections to that).

Now, bear in mind, Microsoft has one aim: to wrest money from the hands of its users in such a way that they might reasonably expect continuous and continual revenue (ideally with no additional work, aka "The Cloud").

So, people obviously didn't want this invasive technology. Firstly, people back in those times were less dumb (frankly) and were concerned about another corporation taking software out of their control. So people generally didn't include it or install it.

People continued, however, to buy Microsoft products, and so began the Microsoft plan to ensure reliance on them. First, though, there was the problem of users not wanting to rely on their RPC solution to begin with.

So, what Microsoft did was begin to ship a lot of features which in an edge case depended on RPC for their function. At first it was sensible stuff, but increasingly they would include RPC functions just for the sake of including them and forcing people to have it switched on.

Welcome, Windows Vista. Now, people were STILL turning off RPC (and most wisely, given the future of WannaCry and EternalBlue). So what do Microsoft do? They make the core functions of the system depend on RPC: things like Task Scheduler and Event Viewer. Whilst in some senses it might make sense for Event Viewer to require access to a remote machine, it does NOT make sense for it to require remote execution; it only needs to view. So, in the Vista timeline, turning off RPC still worked, it was just real hard to do. Now arrives Windows 7. Disabling RPC in Windows 7 would frequently cause unbootable systems and even Blue Screens, leaving many people who attempted to disable it with barely functional or even non-functional systems. Still worse, even if you DO lock down RPC, the port 135 is HARD CODED into the RPC binary (which is signed to protect against alteration).

Meaning people were 100% forced to have RPC switched on. Which, of course, served the NSA and CIA very nicely.

Why? Well, what was an attempt at reliable money making has become the entry point of choice for espionage. You will find a common pattern online: some people ask how to disable it, and within minutes some nameless (or real-life-identity-less) user has said how 'you really don't want to turn that off anyway, just block it on the firewall', which is likely NSA, CIA or possibly just general ignorance (if I give stupidity its due). What makes me name the earlier two bodies is that I generally find an average user is more like 'so what is RPC?', not 'I'm sure it's harmless'.

The root of the problem? Corrupted corporations (and possibly governments) who feel that everything they ever did is still 'theirs' to own and control and that a user is their staffer. Worse, laws are being formed to 'make this so'.

What can we do? Well, as much as I like MS for its usability, moving to Linux is a pretty good choice.

Now, don't get me wrong, software vendors need paying and revenue is important. The problem is that vendors like Microsoft are looking to protect revenue streams instead of seeking to create them. They see Windows as an engine for money making, not as a bought service. That is, they want us to rent, not to sell us houses. Instead of being smart and thinking "what will our customer base want next?" they are thinking greedily: "how can we ensure we keep receiving money from our customers?".